CVE-2015-3960

Name of the Vulnerable Software and Affected Versions MNS versions prior to 4.5.6

Description The issue concerns the use of hardcoded RSA private keys and certificates in the firmware of affected devices. This makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation.

Recommendations For versions prior to 4.5.6, update to version 4.5.6 or later to resolve the issue. As a temporary workaround, consider restricting access to HTTPS sessions until the update is applied.